From: Hari K. D. <har...@gm...> - 2010-05-08 06:35:56

I am running CentOS 5.3 via colinux on a laptop running XP Prof. I have been connecting to internet via a tuntap adapter via ICS on my wifi, but I need to step up a little bit to make my life easier, especially with VPN. I went through http://colinux.wikia.com/wiki/Network and it seems like slirp is my best bet and the easiest, but I can't get it working at all. I have this set in the command line config file:

eth0=slirp

On the linux side, I used dhcp and after a reboot, I do get the right values for ip (10.0.2.15) and gateway (10.0.2.2). I can ping to 10.0.2.2 and 10.0.2.3 as well, but I can't ping to anything outside, even though their ip gets resolved.

I do have a workaround (I think) for now, since I was able to get pcap-bridge working (albeit, with great difficulty) on my wifi and for VPN, I am using ICS over VPN adapter. The idea is that when in the office, the pcap-bridge should provide both internet and intranet access, while at home, pcap-bridge would provide internet while tuntap will provide intranet (when VPN is up). In both instances, tuntap will also serve to provide a fast local access between XP and linux. I have verified this from my home, but won't be able to verify until some time next week when I will be in the office.

One issue with the above setup that I can't figure out right now is the name resolution for VPN. I am able to access using ip addresses (after adding an explicit route), but name resolution fails, even though I edited /etc/resolve.conf to add the search domains and nameserver ips (that I obtained from my VPN adapter on windows side). I guess I can live with being able to access by ip addresses (I could add some of these that I frequently access to /etc/hosts), but I am hoping that getting slirp working will not only simplify the setup, it will also solve the name resolution issue.

I would appreciate any help in troubleshooting the slirp issue (or even the name resolution).

PS: In case anyone is looking to get pcap-bridge to work for wifi on a HP EliteBook 6930p, this is what I had to do (again, I am using centos):
- Use the same wifi MAC address on both the linux and windows side
- Enable nopromisc mode

Ex:
Command line config file:
eth2=pcap-bridge,"Wireless Network Connection",<wifi mac>,nopromisc

/etc/sysconfig/network-scripts/ifcfg-eth2:
HWADDR=<wifi mac>

From: Henry N. <hen...@ar...> - 2010-05-08 22:39:33

Hari Krishna Dara wrote:
> eth0=slirp
>
> On the linux side, I used dhcp and after a reboot, I do get the right
> values for ip (10.0.2.15) and gateway (10.0.2.2). I can ping to
> 10.0.2.2 and 10.0.2.3 as well, but I can't ping to anything outside,
> even though their ip gets resolved.

Ping (ICMP-protocol) is not supported by SLiRP.
Try any other applications with TCP or UDP to check the connection, for
example "wget google.com"

--
Henry N.

From: Hari K. D. <har...@gm...> - 2010-05-09 19:50:22

On Sat, May 8, 2010 at 3:39 PM, Henry Nestler <hen...@ar...> wrote:
> Hari Krishna Dara wrote:
>>
>> eth0=slirp
>>
>> On the linux side, I used dhcp and after a reboot, I do get the right
>> values for ip (10.0.2.15) and gateway (10.0.2.2). I can ping to
>> 10.0.2.2 and 10.0.2.3 as well, but I can't ping to anything outside,
>> even though their ip gets resolved.
>
> Ping (ICMP-protocol) is not supported by SLiRP.
> Try any other applications with TCP or UDP to check the connection, for
> example "wget google.com"
>

I can't believe I missed to see this information already documented, thanks for pointing it out. I can see that I am able to access both internet and VPN via slirp. However, there are a few issues:
- Name resolution is not working well. I can't resolve names over VPN (even after adding my VPN name servers to /etc/resolve.conf file) and a few others that can be resolved from WXP (e.g., names in my local network).
- I have my tuntap adapter getting registered as the default gateway, so at first nothing worked. Only when I added the slirp gateway as the default gateway and removed the tuntap gateway from being the default, the internet even started working. Is there a better solution for this than putting the route commands in /etc/rc.d/rc.local file?

On a side note, I also notice that tuntap adapter started becoming my default gateway on XP side as well, not sure what is causing this. Maybe a reboot will fix it.

--
Hari

From: Henry N. <hen...@ar...> - 2010-05-09 20:49:02

Hari Krishna Dara wrote:
> On Sat, May 8, 2010 at 3:39 PM, Henry Nestler wrote:
>> Hari Krishna Dara wrote:
>>> eth0=slirp
>>>
>>> On the linux side, I used dhcp and after a reboot, I do get the right
>>> values for ip (10.0.2.15) and gateway (10.0.2.2). I can ping to
>>> 10.0.2.2 and 10.0.2.3 as well, but I can't ping to anything outside,
>>> even though their ip gets resolved.
>> Ping (ICMP-protocol) is not supported by SLiRP.
>> Try any other applications with TCP or UDP to check the connection, for
>> example "wget google.com"
>>
> I can't believe I missed to see this information already documented,
> thanks for pointing it out. I can see that I am able to access both
> internet and VPN via slirp. However, there are a few issues:
> - Name resolution is not working well. I can't resolve names over VPN
> (even after adding my VPN name servers to /etc/resolve.conf file) and
> a few others that can be resolved from WXP (e.g., names in my local
> network).

SLiRP uses only the first nameserver from Windows and forwards it under 10.0.2.3. So it is a good idea to add more nameservers in /etc/resolve.conf manually. For me, it works in special environment with DNS server on intranet (closed DNS, not Internet) it was ok. Not explicitly tested for a VPN.

> - I have my tuntap adapter getting registered as the default gateway,
> so at first nothing worked. Only when I added the slirp gateway as the
> default gateway and removed the tuntap gateway from being the default,
> the internet even started working. Is there a better solution for this
> than putting the route commands in /etc/rc.d/rc.local file?

Don't set any gateway for TAP.

TAP is a private network between Linux and host and does not need a default gateway. The route for this network will automatically be set after the interface comes up.

That means, don't set gateway in file /etc/network/interfaces for tap device under Debian.

PS: In some docs a gateway was set, because TAP device was used as "Internet connect sharing" (ICS).

> On a side note, I also notice that tuntap adapter started becoming my
> default gateway on XP side as well, not sure what is causing this. Maybe
> a reboot will fix it.

I hope the TAP has a different network range than all your other networks (Ethernet cards and Wi-Fi). And the same as under Linux: Don't set a route or gateway for TAP device.

--
Henry N.

From: Hari K. D. <har...@gm...> - 2010-05-10 01:24:39

On Sun, May 9, 2010 at 1:48 PM, Henry Nestler <hen...@ar...> wrote:
>> I can't believe I missed to see this information already documented,
>> thanks for pointing it out. I can see that I am able to access both
>> internet and VPN via slirp. However, there are a few issues:
>> - Name resolution is not working well. I can't resolve names over VPN
>> (even after adding my VPN name servers to /etc/resolve.conf file) and
>> a few others that can be resolved from WXP (e.g., names in my local
>> network).
>
> SLiRP uses only the first nameserver from Windows and forwards it under
> 10.0.2.3. So it is a good idea to add more nameservers in
> /etc/resolve.conf manually. For me, it works in special environment with DNS
> server on intranet (closed DNS, not Internet) it was ok. Not explicitly
> tested for a VPN.

I added DNS servers ips from my vpn adapter to the /etc/resolve.conf along with my router's ip. I am able to ping to those name servers when my vpn is up (which BTW, I thought wouldn't work because slirp is not supposed to support ping). I suppose there is nothing that can be done on the windows side? Would adding additional NAMESERVER entries into the /etc/sysconfig/network-scripts/ifcfg-eth0 help (which I am not actually sure is valid).

>
>> - I have my tuntap adapter getting registered as the default gateway,
>> so at first nothing worked. Only when I added the slirp gateway as the
>> default gateway and removed the tuntap gateway from being the default,
>> the internet even started working. Is there a better solution for this
>> than putting the route commands in /etc/rc.d/rc.local file?
>
> Don't set any gateway for TAP.
>
> TAP is a private network between Linux and host and does not need a default
> gateway. The route for this network will automatically be set after the
> interface comes up.
>
> That means, don't set gateway in file /etc/network/interfaces for tap device
> under Debian.
>
> PS: In some docs a gateway was set, because TAP device was used as "Internet
> connect sharing" (ICS).
>
>> On a side note, I also notice that tuntap adapter started becoming my
>> default gateway on XP side as well, not sure what is causing this. Maybe
>> a reboot will fix it.
>
> I hope the TAP has a different network range than all your other networks
> (Ethernet cards and Wi-Fi). And the same as under Linux: Don't set a route
> or gateway for TAP device.

Great, these two changes got me the right gateway settings for both linux and windows and everything seems to be working great (except for the name resolution as described above). Thank you very much for getting me through so far, I really appreciate it.

I got slirp port-forwarding also to work beautifully and all of this would help reduce the complexity of how I move files around and work with our SCM without additional ssh tunnels.

PS: Henry, sorry about the duplicate, I first used reply instead of reply all.

--
Hari

From: Eric S. J. <es...@ha...> - 2010-05-10 03:08:59

On 5/9/2010 9:24 PM, Hari Krishna Dara wrote:
>
> I added DNS servers ips from my vpn adapter to the /etc/resolve.conf
> along with my router's ip. I am able to ping to those name servers
> when my vpn is up (which BTW, I thought wouldn't work because slirp is
> not supposed to support ping). I suppose there is nothing that can be
> done on the windows side? Would adding additional NAMESERVER entries
> into the /etc/sysconfig/network-scripts/ifcfg-eth0 help (which I am
> not actually sure is valid).

I think you're hitting a problem I have hit a few times with open VPN. Forgive me if I misinterpret your problem and am solving something else entirely.

DNS is built on the assumption that all name servers have the same data. Unfortunately, when you have a VPN, you no longer have this situation. Each name server at the end of a VPN has a different set of names that you can't access via the public Internet. One would think that the normal round-robin feature of most resolvers would help bridge the difference between the two name spaces but no, many DNS proxies return the wrong response and prevent the round-robin behavior from happening.

This problem gets worse when you have two or three VPNs open at the same time. No matter what name server you use, names without on the other VPNs will be invisible. Unfortunately, the only answer seems to be a specialized DNS proxy that associates a domain with a name server plus the default of "on the Internet".

I've tried using dnsmasq to solve this problem because it has the right capabilities but unfortunately, every time DHCP renews the lease, the DNS name server entry is overridden and you lose your local changes. I'm sure there's a way around it but, I'm not sure how just yet.

--- eric

From: Henry N. <hen...@ar...> - 2010-05-10 08:31:33

Eric S. Johansson wrote:
> On 5/9/2010 9:24 PM, Hari Krishna Dara wrote:
>> I added DNS servers ips from my vpn adapter to the /etc/resolve.conf
>> along with my router's ip. I am able to ping to those name servers
>> when my vpn is up (which BTW, I thought wouldn't work because slirp is
>> not supposed to support ping). I suppose there is nothing that can be
>> done on the windows side? Would adding additional NAMESERVER entries
>> into the /etc/sysconfig/network-scripts/ifcfg-eth0 help (which I am
>> not actually sure is valid).
> I think you're hitting a problem I have hit a few times with open VPN. Forgive
> me if I misinterpret your problem and am solving something else entirely.
>
> DNS is built on the assumption that all name servers have the same data.
> Unfortunately, when you have a VPN, you no longer have this situation. Each name
> server at the end of a VPN has a different set of names that you can't access
> via the public Internet. One would think that the normal round-robin feature of
> most resolvers would help bridge the difference between the two name spaces but
> no, many DNS proxies return the wrong response and prevent the round-robin
> behavior from happening.
>
> This problem gets worse when you have two or three VPNs open at the same time.
> No matter what name server you use, names without on the other VPNs will be
> invisible. Unfortunately, the only answer seems to be a specialized DNS proxy
> that associates a domain with a name server plus the default of "on the Internet".
>
> I've tried using dnsmasq to solve this problem because it has the right
> capabilities but unfortunately, every time DHCP renews the lease, the DNS name
> server entry is overridden and you lose your local changes. I'm sure there's a
> way around it but, I'm not sure how just yet.

Yes, Eric points in the right direction.

To use dnsmasq, you need to disable DHCP and use static configuration for SLiRP. Don't worry about addresses, because DHCP-Server inside SLiRP gives the guest the same address every time. So, static or DHCP does not matter.
http://colinux.wikia.com/wiki/Network#SLiRP_with_Static_IP_Address

In config of dnsmasq you must set 10.0.2.3 and your DNS from VPN.
In static network configuration of SLiRP you should set "nameserver localhost" in /etc/resolv.conf.

--
Henry N.

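The per-domain forwarding that Eric and Henry describe above, as an added example (not code from the thread, coLinux or dnsmasq): it picks the upstream by longest domain-suffix match and renders the matching dnsmasq options and static resolv.conf. `corp.example` and `192.0.2.53` are constructed placeholders for the VPN domain and VPN nameserver; 10.0.2.3 is the SLiRP forwarder named in the thread.

```python
"""Split DNS for SLiRP + VPN: route each name to the right upstream.

Added example. ROUTES holds constructed placeholders (VPN domain and VPN
nameserver); SLIRP_DNS is the SLiRP forwarder address from the thread.
"""

SLIRP_DNS = "10.0.2.3"
ROUTES = {"corp.example": ["192.0.2.53"]}  # placeholder VPN domain -> VPN DNS


def upstreams_for(name, routes=ROUTES, default=SLIRP_DNS):
    """Pick upstream servers by longest suffix match on whole DNS labels."""
    table = {d.strip(".").lower(): ips for d, ips in routes.items()}
    labels = name.strip(".").lower().split(".")
    # Try the full name first, then drop leading labels one at a time, so
    # "wiki.corp.example" matches "corp.example" but "notcorp.example" does not.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return list(table[suffix])
    return [default]  # everything else goes to the SLiRP forwarder


def render_dnsmasq(routes=ROUTES, default=SLIRP_DNS):
    """Render dnsmasq options equivalent to the routing table above."""
    lines = [
        "no-resolv",                 # take upstreams from this file only
        "listen-address=127.0.0.1",  # answer the guest itself, nothing else
        "bind-interfaces",
        f"server={default}",         # default upstream: SLiRP DNS forwarder
    ]
    for domain in sorted(routes):
        for ip in routes[domain]:
            lines.append(f"server=/{domain.strip('.').lower()}/{ip}")
    return "\n".join(lines) + "\n"


def render_resolv_conf(routes=ROUTES):
    """Static resolv.conf pointing at the local dnsmasq (needs an IP address)."""
    search = " ".join(sorted(d.strip(".").lower() for d in routes))
    return f"search {search}\nnameserver 127.0.0.1\n"


if __name__ == "__main__":
    for n in ("wiki.corp.example", "notcorp.example", "www.google.com"):
        print(n, "->", upstreams_for(n))
    print(render_dnsmasq(), render_resolv_conf(), sep="")
```
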
From: Hari K. D. <har...@gm...> - 2010-05-10 18:18:49

On Mon, May 10, 2010 at 1:31 AM, Henry Nestler <hen...@ar...> wrote:
> Yes, Eric points in the right direction.
>
> To use dnsmasq, you need to disable DHCP and use static configuration for
> SLiRP. Don't worry about addresses, because DHCP-Server inside SLiRP gives
> the guest the same address every time. So, static or DHCP does not matter.
> http://colinux.wikia.com/wiki/Network#SLiRP_with_Static_IP_Address
>
> In config of dnsmasq you must set 10.0.2.3 and your DNS from VPN.
> In static network configuration of SLiRP you should set "nameserver
> localhost" in /etc/resolv.conf.
>

Thank you Eric and Henry, I got dnsmasq to work nicely with your suggestions. I simply updated /etc/resolve.conf to use 10.0.2.3 and my VPN nameservers (along with disabling dhcp on slirp) and that got lookups to work nicely for VPN. The domain search order is still not working, but it is still much better as I can now use names and not worry about changing ip addresses.

Meanwhile, I also got cofs to work and now just learned that I could set up colinux to run off real partitions. This will make it easier to eventually migrate away from windows completely (not going to happen until we replace MS sql server, but we are getting there).

--
Hari